Analysis
-
max time kernel
146s -
max time network
146s -
platform
debian-12_mipsel -
resource
debian12-mipsel-20240729-en -
resource tags
arch:mipsel
image:debian12-mipsel-20240729-en
kernel:6.1.0-17-4kc-malta
locale:en-us
os:debian-12-mipsel
system -
submitted
29-11-2024 02:09
Behavioral task
behavioral1
Sample
19897b721dc0c6dd554f3e97fe2e8792a18c0511ec0f447e9510a01b49aead16.elf
Resource
debian12-mipsel-20240729-en
General
-
Target
19897b721dc0c6dd554f3e97fe2e8792a18c0511ec0f447e9510a01b49aead16.elf
-
Size
151KB
-
MD5
86ea06ad218a6ca4e51395ef27e41e6c
-
SHA1
e896de83f0182465a978d5dd1b98db026da681dc
-
SHA256
19897b721dc0c6dd554f3e97fe2e8792a18c0511ec0f447e9510a01b49aead16
-
SHA512
1c7396c6277613500977cc9980b4194cc8aeed7fccaee988578b3e808a5978d9aa2ea40e96ec1fd9da6b0929e22c30e925bb18a2d07ca11d8cce56c7df0782ee
-
SSDEEP
3072:dgZc9h1jlnLA2PiXYeyCcrVNMVGuo9mrThPaLEnvPrNb:dd7lnLA2PiIeyZrVWDo9mrThPaLEnvP5
Malware Config
Signatures
-
Modifies Watchdog functionality 1 TTPs 2 IoCs
Malware like Mirai modifies the watchdog device to prevent it from restarting an infected system.
Processes:
19897b721dc0c6dd554f3e97fe2e8792a18c0511ec0f447e9510a01b49aead16.elf
description | ioc | Process
File opened for modification | /dev/misc/watchdog | 19897b721dc0c6dd554f3e97fe2e8792a18c0511ec0f447e9510a01b49aead16.elf
File opened for modification | /dev/watchdog | 19897b721dc0c6dd554f3e97fe2e8792a18c0511ec0f447e9510a01b49aead16.elf
-
Reads system routing table 1 TTPs 1 IoCs
Gets active network interfaces from /proc virtual filesystem.
Processes:
19897b721dc0c6dd554f3e97fe2e8792a18c0511ec0f447e9510a01b49aead16.elf
description | ioc | Process
File opened for reading | /proc/net/route | 19897b721dc0c6dd554f3e97fe2e8792a18c0511ec0f447e9510a01b49aead16.elf
-
Changes its process name 1 IoCs
Processes:
19897b721dc0c6dd554f3e97fe2e8792a18c0511ec0f447e9510a01b49aead16.elf
description | ioc | pid | Process
Changes the process name, possibly in an attempt to hide itself | /usr/sbin/dropbear | 740 | 19897b721dc0c6dd554f3e97fe2e8792a18c0511ec0f447e9510a01b49aead16.elf
-
Reads system network configuration 1 TTPs 1 IoCs
Uses contents of /proc filesystem to enumerate network settings.
Processes:
19897b721dc0c6dd554f3e97fe2e8792a18c0511ec0f447e9510a01b49aead16.elf
description | ioc | Process
File opened for reading | /proc/net/route | 19897b721dc0c6dd554f3e97fe2e8792a18c0511ec0f447e9510a01b49aead16.elf